PT-2020-5467 · Intel+6 · Dpdk+6

Published: 2020-05-18 · Updated: 2024-06-15 · CVE-2020-10725

CVSS v3.1: 7.7 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

DPDK versions 19.11 and above

Description

A flaw in DPDK allows a malicious guest to cause a segmentation fault of the vhost-user backend application running on the host, resulting in a loss of connectivity for other guests. This issue is caused by a missing validity check of the descriptor address in the function virtio_dev_rx_batch_packed(). The flaw is related to an integer overflow.

Recommendations

For DPDK versions 19.11 and above, consider disabling the virtio_dev_rx_batch_packed() function until a patch is available to prevent exploitation. Restrict access to the vhost-user backend application to minimize the risk of connectivity loss for other guests. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Improper Initialization

Related Identifiers

ALT-PU-2020-2878
ALT-PU-2021-1176
ALT-PU-2021-2053
BDU:2021-00723
CESA-2020_4806
CVE-2020-10725
OPENSUSE-SU-2020:0693-1
OPENSUSE-SU-2020_0693-1
OPENSUSE-SU-2024:10727-1
RHSA-2020:2295
RHSA-2020:4806
RHSA-2020_4806
RHSA-2021:1239
SUSE-SU-2020:1334-1
SUSE-SU-2020:1335-1
USN-4362-1

Affected Products

ALT Linux
CentOS
DPDK
Linux Mint
Red Hat
SUSE
Ubuntu